IIS based hackme labs

Viewing 6 reply threads
  • Author
    Posts
    • #7985
      jinwald12
      Participant

      Has anyone found any good IIS/ASP/MSSQL hackme labs, I tried the Foundstone “hacme” series but am wondering if anyone knows any others.

    • #50695
      dynamik
      Participant

      I can’t think of anything else besides the Simple ASP.NET Forms piece of the OWASP Broken Web Applications Project: http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html

      Creating your own vulnerable app would always be a good project 8)

    • #50696
      Jamie.R
      Participant

      Making your own would be a great way to learn. I don’t think you will find any that use Microsoft products unless you pay for it. I know elearn have a few sites but you need to pay for their labs.

    • #50697
      dynamik
      Participant

      @Jamie.R wrote:

      Making your own would be a great way to learn. I don’t think you will find any that use Microsoft products unless you pay for it. I know elearn have a few sites but you need to pay for their labs.

      This hasn’t been the case for awhile. You can get the express versions of their development tools and SQL Server for free. Licensing obviously prevents a convenient all-in-one VM from being distributed, but it’s a minimal amount of work to install IIS, SQL Server Express, and copy the application files over.

    • #50698
      m0wgli
      Participant

      I haven’t tried this yet so I don’t know if it’s any good or not.

      VulnApp (.NET): http://www.nth-dimension.org.uk/blog.php?id=88

    • #50699
      ziggy_567
      Participant

      I haven’t tried it yet, either, but I think Acunetix has a vulnerable ASP example site.

      I couldn’t find the link in the 2 minutes I spent on Google either.

    • #50700
      m0wgli
      Participant

      I came across this blog post by Raul Siles (a SANS instructor for the SEC542 “Web App Penetration Testing and Ethical Hacking” course) whilst looking for the Acunetix link:

      http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html

      It has a really good list of vulnerable web apps.

Viewing 6 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?